package com.topsoft.micro.config.oauth;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

import com.topsoft.micro.security.MyUserDetailsService;

/**
 * 认证服务器  配置               认证服务器需要配置用户登录, 保存用户信息
 */
@Configuration
@EnableAuthorizationServer
public class MyAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter{
	
	@Autowired
	private AuthenticationManager authenticationManager;

	@Autowired
	private MyUserDetailsService  myUserDetailsService;
	
	@Autowired
	private TokenStore  redisTokenStore;
	
	
	/**
	 * 配置能sso登陆的客户端
	 */
	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		
		InMemoryClientDetailsServiceBuilder builder = clients.inMemory(); //内存
		

		//逗号分隔成数组
		String[] authorizedGrantTypes= {"authorization_code","refresh_token","password"};
		String[] scopes= {"all","ROLE_USER"};
		
		builder.withClient("hello1")
			.secret("123456")
			.accessTokenValiditySeconds(3600)
			.autoApprove(true)
			.authorizedGrantTypes(authorizedGrantTypes)
			.scopes(scopes);
		
		builder.withClient("hello2")
		.secret("123456")
		.accessTokenValiditySeconds(3600)
		.autoApprove(true)
		.authorizedGrantTypes(authorizedGrantTypes)
		.scopes(scopes);
		
		builder.withClient("feign")
		.secret("123456")
		.accessTokenValiditySeconds(3600)
		.autoApprove(true)
		.authorizedGrantTypes(authorizedGrantTypes)
		.scopes(scopes);
		
		builder.withClient("gateway")
		.secret("123456")
		.accessTokenValiditySeconds(3600)
		.autoApprove(true)
		.authorizedGrantTypes(authorizedGrantTypes)
		.scopes(scopes);
		
		builder.withClient("client3")
		.secret("123456")
		.accessTokenValiditySeconds(3600)
		.autoApprove(true)
		.authorizedGrantTypes(authorizedGrantTypes)
		.scopes(scopes);
		

	}

	
	/**
	 * 生成令牌
	 */
	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.authenticationManager(authenticationManager).userDetailsService(myUserDetailsService)
				.tokenStore(redisTokenStore);
	}


    @Override
    public void configure(AuthorizationServerSecurityConfigurer security)
            throws Exception {
        security.tokenKeyAccess("permitAll()").checkTokenAccess(
                "isAuthenticated()").allowFormAuthenticationForClients();
    }


}
